libtomcrypt/src/hashes/sha1.c - platform/external/dropbear - Git at Google

 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
  *
  * LibTomCrypt is a library that provides various cryptographic
  * algorithms in a highly modular and flexible manner.
  *
  * The library is free for all purposes without any express
  * guarantee it works.
  *
  * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
  */
 #include "tomcrypt.h"

 /**
   @file sha1.c
   SHA1 code by Tom St Denis
 */


 #ifdef SHA1

 const struct ltc_hash_descriptor sha1_desc =
 {
     "sha1",
     2,
     20,
     64,

     /* OID */
    { 1, 3, 14, 3, 2, 26,  },
    6,

     &sha1_init,
     &sha1_process,
     &sha1_done,
     &sha1_test,
     NULL
 };

 #define F0(x,y,z)  (z ^ (x & (y ^ z)))
 #define F1(x,y,z)  (x ^ y ^ z)
 #define F2(x,y,z)  ((x & y) | (z & (x | y)))
 #define F3(x,y,z)  (x ^ y ^ z)

 #ifdef LTC_CLEAN_STACK
 static int _sha1_compress(hash_state *md, unsigned char *buf)
 #else
 static int  sha1_compress(hash_state *md, unsigned char *buf)
 #endif
 {
     ulong32 a,b,c,d,e,W[80],i;
 #ifdef LTC_SMALL_CODE
     ulong32 t;
 #endif

     /* copy the state into 512-bits into W[0..15] */
     for (i = 0; i < 16; i++) {
         LOAD32H(W[i], buf + (4*i));
     }

     /* copy state */
     a = md->sha1.state[0];
     b = md->sha1.state[1];
     c = md->sha1.state[2];
     d = md->sha1.state[3];
     e = md->sha1.state[4];

     /* expand it */
     for (i = 16; i < 80; i++) {
         W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
     }

     /* compress */
     /* round one */
     #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
     #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
     #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
     #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);

 #ifdef LTC_SMALL_CODE

     for (i = 0; i < 20; ) {
        FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
     }

     for (; i < 40; ) {
        FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
     }

     for (; i < 60; ) {
        FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
     }

     for (; i < 80; ) {
        FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
     }

 #else

     for (i = 0; i < 20; ) {
        FF0(a,b,c,d,e,i++);
        FF0(e,a,b,c,d,i++);
        FF0(d,e,a,b,c,i++);
        FF0(c,d,e,a,b,i++);
        FF0(b,c,d,e,a,i++);
     }

     /* round two */
     for (; i < 40; )  {
        FF1(a,b,c,d,e,i++);
        FF1(e,a,b,c,d,i++);
        FF1(d,e,a,b,c,i++);
        FF1(c,d,e,a,b,i++);
        FF1(b,c,d,e,a,i++);
     }

     /* round three */
     for (; i < 60; )  {
        FF2(a,b,c,d,e,i++);
        FF2(e,a,b,c,d,i++);
        FF2(d,e,a,b,c,i++);
        FF2(c,d,e,a,b,i++);
        FF2(b,c,d,e,a,i++);
     }

     /* round four */
     for (; i < 80; )  {
        FF3(a,b,c,d,e,i++);
        FF3(e,a,b,c,d,i++);
        FF3(d,e,a,b,c,i++);
        FF3(c,d,e,a,b,i++);
        FF3(b,c,d,e,a,i++);
     }
 #endif

     #undef FF0
     #undef FF1
     #undef FF2
     #undef FF3

     /* store */
     md->sha1.state[0] = md->sha1.state[0] + a;
     md->sha1.state[1] = md->sha1.state[1] + b;
     md->sha1.state[2] = md->sha1.state[2] + c;
     md->sha1.state[3] = md->sha1.state[3] + d;
     md->sha1.state[4] = md->sha1.state[4] + e;

     return CRYPT_OK;
 }

 #ifdef LTC_CLEAN_STACK
 static int sha1_compress(hash_state *md, unsigned char *buf)
 {
    int err;
    err = _sha1_compress(md, buf);
    burn_stack(sizeof(ulong32) * 87);
    return err;
 }
 #endif

 /**
    Initialize the hash state
    @param md   The hash state you wish to initialize
    @return CRYPT_OK if successful
 */
 int sha1_init(hash_state * md)
 {
    LTC_ARGCHK(md != NULL);
    md->sha1.state[0] = 0x67452301UL;
    md->sha1.state[1] = 0xefcdab89UL;
    md->sha1.state[2] = 0x98badcfeUL;
    md->sha1.state[3] = 0x10325476UL;
    md->sha1.state[4] = 0xc3d2e1f0UL;
    md->sha1.curlen = 0;
    md->sha1.length = 0;
    return CRYPT_OK;
 }

 /**
    Process a block of memory though the hash
    @param md     The hash state
    @param in     The data to hash
    @param inlen  The length of the data (octets)
    @return CRYPT_OK if successful
 */
 HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)

 /**
    Terminate the hash to get the digest
    @param md  The hash state
    @param out [out] The destination of the hash (20 bytes)
    @return CRYPT_OK if successful
 */
 int sha1_done(hash_state * md, unsigned char *out)
 {
     int i;

     LTC_ARGCHK(md  != NULL);
     LTC_ARGCHK(out != NULL);

     if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
        return CRYPT_INVALID_ARG;
     }

     /* increase the length of the message */
     md->sha1.length += md->sha1.curlen * 8;

     /* append the '1' bit */
     md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;

     /* if the length is currently above 56 bytes we append zeros
      * then compress.  Then we can fall back to padding zeros and length
      * encoding like normal.
      */
     if (md->sha1.curlen > 56) {
         while (md->sha1.curlen < 64) {
             md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
         }
         sha1_compress(md, md->sha1.buf);
         md->sha1.curlen = 0;
     }

     /* pad upto 56 bytes of zeroes */
     while (md->sha1.curlen < 56) {
         md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
     }

     /* store length */
     STORE64H(md->sha1.length, md->sha1.buf+56);
     sha1_compress(md, md->sha1.buf);

     /* copy output */
     for (i = 0; i < 5; i++) {
         STORE32H(md->sha1.state[i], out+(4*i));
     }
 #ifdef LTC_CLEAN_STACK
     zeromem(md, sizeof(hash_state));
 #endif
     return CRYPT_OK;
 }

 /**
   Self-test the hash
   @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
 */
 int  sha1_test(void)
 {
  #ifndef LTC_TEST
     return CRYPT_NOP;
  #else
   static const struct {
       char *msg;
       unsigned char hash[20];
   } tests[] = {
     { "abc",
       { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
         0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
         0x9c, 0xd0, 0xd8, 0x9d }
     },
     { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
       { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
         0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
         0xE5, 0x46, 0x70, 0xF1 }
     }
   };

   int i;
   unsigned char tmp[20];
   hash_state md;

   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0]));  i++) {
       sha1_init(&md);
       sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
       sha1_done(&md, tmp);
       if (XMEMCMP(tmp, tests[i].hash, 20) != 0) {
          return CRYPT_FAIL_TESTVECTOR;
       }
   }
   return CRYPT_OK;
   #endif
 }

 #endif


 /* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha1.c,v $ */
 /* $Revision: 1.8 $ */
 /* $Date: 2006/11/01 09:28:17 $ */
	/* LibTomCrypt, modular cryptographic library -- Tom St Denis
	*
	* LibTomCrypt is a library that provides various cryptographic
	* algorithms in a highly modular and flexible manner.
	*
	* The library is free for all purposes without any express
	* guarantee it works.
	*
	* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
	*/
	#include "tomcrypt.h"

	/**
	@file sha1.c
	SHA1 code by Tom St Denis
	*/


	#ifdef SHA1

	const struct ltc_hash_descriptor sha1_desc =
	{
	"sha1",
	2,
	20,
	64,

	/* OID */
	{ 1, 3, 14, 3, 2, 26, },
	6,

	&sha1_init,
	&sha1_process,
	&sha1_done,
	&sha1_test,
	NULL
	};

	#define F0(x,y,z) (z ^ (x & (y ^ z)))
	#define F1(x,y,z) (x ^ y ^ z)
	#define F2(x,y,z) ((x & y) \| (z & (x \| y)))
	#define F3(x,y,z) (x ^ y ^ z)

	#ifdef LTC_CLEAN_STACK
	static int _sha1_compress(hash_state md, unsigned char buf)
	#else
	static int sha1_compress(hash_state md, unsigned char buf)
	#endif
	{
	ulong32 a,b,c,d,e,W[80],i;
	#ifdef LTC_SMALL_CODE
	ulong32 t;
	#endif

	/* copy the state into 512-bits into W[0..15] */
	for (i = 0; i < 16; i++) {
	LOAD32H(W[i], buf + (4*i));
	}

	/* copy state */
	a = md->sha1.state[0];
	b = md->sha1.state[1];
	c = md->sha1.state[2];
	d = md->sha1.state[3];
	e = md->sha1.state[4];

	/* expand it */
	for (i = 16; i < 80; i++) {
	W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
	}

	/* compress */
	/* round one */
	#define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
	#define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
	#define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
	#define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);

	#ifdef LTC_SMALL_CODE

	for (i = 0; i < 20; ) {
	FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
	}

	for (; i < 40; ) {
	FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
	}

	for (; i < 60; ) {
	FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
	}

	for (; i < 80; ) {
	FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
	}

	#else

	for (i = 0; i < 20; ) {
	FF0(a,b,c,d,e,i++);
	FF0(e,a,b,c,d,i++);
	FF0(d,e,a,b,c,i++);
	FF0(c,d,e,a,b,i++);
	FF0(b,c,d,e,a,i++);
	}

	/* round two */
	for (; i < 40; ) {
	FF1(a,b,c,d,e,i++);
	FF1(e,a,b,c,d,i++);
	FF1(d,e,a,b,c,i++);
	FF1(c,d,e,a,b,i++);
	FF1(b,c,d,e,a,i++);
	}

	/* round three */
	for (; i < 60; ) {
	FF2(a,b,c,d,e,i++);
	FF2(e,a,b,c,d,i++);
	FF2(d,e,a,b,c,i++);
	FF2(c,d,e,a,b,i++);
	FF2(b,c,d,e,a,i++);
	}

	/* round four */
	for (; i < 80; ) {
	FF3(a,b,c,d,e,i++);
	FF3(e,a,b,c,d,i++);
	FF3(d,e,a,b,c,i++);
	FF3(c,d,e,a,b,i++);
	FF3(b,c,d,e,a,i++);
	}
	#endif

	#undef FF0
	#undef FF1
	#undef FF2
	#undef FF3

	/* store */
	md->sha1.state[0] = md->sha1.state[0] + a;
	md->sha1.state[1] = md->sha1.state[1] + b;
	md->sha1.state[2] = md->sha1.state[2] + c;
	md->sha1.state[3] = md->sha1.state[3] + d;
	md->sha1.state[4] = md->sha1.state[4] + e;

	return CRYPT_OK;
	}

	#ifdef LTC_CLEAN_STACK
	static int sha1_compress(hash_state md, unsigned char buf)
	{
	int err;
	err = _sha1_compress(md, buf);
	burn_stack(sizeof(ulong32) * 87);
	return err;
	}
	#endif

	/**
	Initialize the hash state
	@param md The hash state you wish to initialize
	@return CRYPT_OK if successful
	*/
	int sha1_init(hash_state * md)
	{
	LTC_ARGCHK(md != NULL);
	md->sha1.state[0] = 0x67452301UL;
	md->sha1.state[1] = 0xefcdab89UL;
	md->sha1.state[2] = 0x98badcfeUL;
	md->sha1.state[3] = 0x10325476UL;
	md->sha1.state[4] = 0xc3d2e1f0UL;
	md->sha1.curlen = 0;
	md->sha1.length = 0;
	return CRYPT_OK;
	}

	/**
	Process a block of memory though the hash
	@param md The hash state
	@param in The data to hash
	@param inlen The length of the data (octets)
	@return CRYPT_OK if successful
	*/
	HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)

	/**
	Terminate the hash to get the digest
	@param md The hash state
	@param out [out] The destination of the hash (20 bytes)
	@return CRYPT_OK if successful
	*/
	int sha1_done(hash_state * md, unsigned char *out)
	{
	int i;

	LTC_ARGCHK(md != NULL);
	LTC_ARGCHK(out != NULL);

	if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
	return CRYPT_INVALID_ARG;
	}

	/* increase the length of the message */
	md->sha1.length += md->sha1.curlen * 8;

	/* append the '1' bit */
	md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;

	/* if the length is currently above 56 bytes we append zeros
	* then compress. Then we can fall back to padding zeros and length
	* encoding like normal.
	*/
	if (md->sha1.curlen > 56) {
	while (md->sha1.curlen < 64) {
	md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
	}
	sha1_compress(md, md->sha1.buf);
	md->sha1.curlen = 0;
	}

	/* pad upto 56 bytes of zeroes */
	while (md->sha1.curlen < 56) {
	md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
	}

	/* store length */
	STORE64H(md->sha1.length, md->sha1.buf+56);
	sha1_compress(md, md->sha1.buf);

	/* copy output */
	for (i = 0; i < 5; i++) {
	STORE32H(md->sha1.state[i], out+(4*i));
	}
	#ifdef LTC_CLEAN_STACK
	zeromem(md, sizeof(hash_state));
	#endif
	return CRYPT_OK;
	}

	/**
	Self-test the hash
	@return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
	*/
	int sha1_test(void)
	{
	#ifndef LTC_TEST
	return CRYPT_NOP;
	#else
	static const struct {
	char *msg;
	unsigned char hash[20];
	} tests[] = {
	{ "abc",
	{ 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
	0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
	0x9c, 0xd0, 0xd8, 0x9d }
	},
	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
	{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
	0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
	0xE5, 0x46, 0x70, 0xF1 }
	}
	};

	int i;
	unsigned char tmp[20];
	hash_state md;

	for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
	sha1_init(&md);
	sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
	sha1_done(&md, tmp);
	if (XMEMCMP(tmp, tests[i].hash, 20) != 0) {
	return CRYPT_FAIL_TESTVECTOR;
	}
	}
	return CRYPT_OK;
	#endif
	}

	#endif



	/* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha1.c,v $ */
	/* $Revision: 1.8 $ */
	/* $Date: 2006/11/01 09:28:17 $ */